Offloading SSL to Amazon ELB for PuppetDB
I'm setting up an Elastic Load Balancer to handle the SSL for two PuppetDB nodes (for high availability).
I'm using one of our existing wildcard SSL certificates (let's call it *.example.com for this discussion), but the puppet master doesn't like it, even though it's a Thawte-issued certificate. It looks like it's unable to find the CA cert to verify it:
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed to submit 'replace facts' command for <a href="http://node1.ap-southeast-2.example.com">node1.ap-southeast-2.example.com</a> to PuppetDB ...